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Amendments to the Claims : 
This listing of claims replaces all prior versions and listings of claims in the application: 

1 . (Previously presented) A network encryption system, comprising: 
a first network interface, adapted for connection to a protected network; 

a second network interface, adapted for connection to an unprotected network; 

a processing part, which manages the encryption of information payload to be sent to the 
unprotected network, and decryption of information payload which are received from the 
unprotected network, and said processing part includes a microprocessor therein; and 

an encryption and decryption system, including a first high-speed crypto system which 
operates using dedicated hardware components for cryptographic encryption and decryption of a 
first format kind of message, a second high-speed crypto system physically separate from said 
first high-speed crypto system using dedicated hardware components for cryptographic 
encryption and decryption of a second format kind of message different than said first format 
kind of message, and a second, lower speed crypto system, which carries out said cryptographic 
operations without dedicated hardware components. 

2. (Original) A system as in claim 1, wherein said first high-speed crypto system 
uses field programmable gate arrays which are configured to carry out a specific encryption or 
decryption operation. 

3. (Original) A system as in claim 1, wherein said first low-speed crypto system 
includes a first portion using a cryptographic processor, and a second crypto portion using 
software running on a general-purpose processor. 

4. (Previously presented) A system as in claim 1, further comprising a key 
management subsystem, physically separate from said processing part and_connected to said 
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processing part via a network interface and communicating using a network management 
protocol, said key management subsystem storing encrypted software keys therein. 

5. (Original) A system as in claim 4, wherein said key management subsystem and 
said processing part communicate via Simple Network Management Protocol. 

6. (Original) A system as in claim 4, wherein said key management subsystem stores 
at least one private key by encrypting said keys using a password for the encryption. 

7. (Original) A system as in claim 4, wherein said key management system 
maintains addresses of other key management systems. 

8. (Original) A system as in claim 1 , wherein said first high-speed crypto system 
includes at least one card. 

9. (Previously presented) A system as in claim 8, wherein said high-speed crypto 
system includes a first card specialized for encryption of SONET frames and a second high- 
speed crypto system includes_a second card specialized for encryption of ATM cells. 

10. (Original) A system as in claim 4, further comprising a security interlock on said 
key management subsystem, and a memory erase function which erases said memory when said 
security interlock is violated. 

1 1 . (Original) A system as in claim 1, wherein said encryption and decryption system 
includes a portion which removes a header associated with the network interface, replaces said 
header with a cryptographic header, processes said message using the cryptographic header, and 
then generates a new header associated with the network interface. 
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12. (Currently amended) A system, comprising: 

a first network interface, adapted for connection to a protected network; 

a second network interface, adapted for connection to an unprotected network; 

a processing part including a third network interface, said processing part managing 
encryption of data from said unprotected network and sending said data to said protected 
network, and managing decryption of data from said protected network and sending said data to 
said unprotected network in a specified form; and 

a key management subsystem, storing encrypted keys therein for use in decryption by 
said processing part, physically separate from said processing part and_connected to said 
processing part by a network connection, and communicating to said processing part via a 
network protocol and connected to said third network interface ; and 

wherein said processing part includes an encryption and decryption system, including a 
high-speed crypto system formed of hardware encryption parts including a first high-speed 
crypto part using dedicated hardware components for cryptographic encryption and decryption of 
a first format kind of message, a second high-speed crypto part physically separate from said first 
high-speed crypto part, using dedicated hardware components for cryptographic encryption and 
decryption of a second format kind of message, different than said first format kind of message . 

13. (Original) A system as in claim 12, wherein said network protocol of said third 
network interface is SNMPV3. 

14. (Original) A system as in claim 12, wherein said unprotected network is a SONET 
network. 

15. (Original) A system as in claim 12, wherein said unprotected network is an ATM 
network. 

16. (Original) A system as in claim 12, wherein said unprotected network is a Frame 
Relay network. 
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17. (Original) A system as in claim 12, wherein said unprotected network is a IP 
network. 

18. (Currently amended) A system as in claim 12, wherein said processing part 
includes an encryption and decryption system, including a high speed crypto oyot e m formed of 
hardware encryption parts including a first high speed crypto part for cryptographic encryption 
and decryption of a first format kind of message, a second high speed crypto part physically 
separat e from said first high sp ee d crypto part, using dedicated hardwar e compon e nts for 
cryptographic e ncryption and d e cryption of a s e cond format kind of m e ssage, diff e r e nt than said 
first format kind of message, and a lower speed crypto system operating using a crypto 
processor. 

19. (Original) A system as in claim 18, wherein said lower speed crypto system 
includes a first part that operates in software, and a second part that operates using a 
cryptographic processor. 

20. (Original) A system as in claim 18, wherein said high-speed crypto system is 
formed of field programmable gate arrays. 

21. (Previously presented) A system as in claim 18, wherein said encryption and 
decryption system operates to remove a header associated with a network protocol of said 
unprotected network, and a header associated with cryptographic functions, process a message 
portion using said header associated with cryptographic functions, and then regenerate a header 
associated with the network protocol. 

22. (Currently amended) A method, comprising: 

connecting to a first network which is a protected network and a second network which is 
an unprotected network; 

encrypting data being sent from said first network to said second network, and decrypting 
data being sent from said second network to said first network; and 
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storing and managing at least one signing key in a separate unit from the unit carrying out 
the encrypting, and communicating with said separate unit, over a separate network from said 
first and second network; 

wherein said encrypting comprises: 

removing a header associated with a network protocol of said second network; 
obtaining key information from said separate unit, and forming an encryption 
header based on said key information and associating said encryption header with a message 
fragment; 

encrypting the message fragment, using said encryption header; and 
regenerating the header associated with the network protocol . 

23. (Cancelled) 



24. (Previously presented) A system as in claim 1, wherein at least one of said 
network interfaces is an Ethernet network. 



